EP4277207A3 - Network telemetry collection with packet metadata filtering - Google Patents

Network telemetry collection with packet metadata filtering

Info

Publication number
EP4277207A3
Authority
EP
European Patent Office
Prior art keywords
telemetry
exporter
traffic
network telemetry
packet metadata
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP23201071.0A
Other languages
German (de)
French (fr)
Other versions
EP4277207A2 (en)
Inventor
Blake Harrell Anderson
David Mcgrew
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cisco Technology Inc
Original Assignee
Cisco Technology Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cisco Technology Inc
Publication of EP4277207A2
Publication of EP4277207A3
Current legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00 Computing arrangements using knowledge-based models
    • G06N5/04 Inference or reasoning models
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Evolutionary Computation (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Artificial Intelligence (AREA)
  • Medical Informatics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Computational Linguistics (AREA)
  • Technology Law (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

In embodiments, a telemetry exporter in a network establishes a tunnel between the telemetry exporter and a traffic analysis service. The telemetry exporter obtains packet copies of a plurality of packets sent between devices via the network. The telemetry exporter forms a set of traffic telemetry data by discarding at least a portion of one or more of the packet copies, based on a filter policy. The telemetry exporter applies compression to the formed set of traffic telemetry data. The telemetry exporter sends, via the tunnel, the compressed set of traffic telemetry data to the traffic analysis service for analysis.
EP23201071.0A (priority date 2019-11-25, filing date 2020-11-18): Network telemetry collection with packet metadata filtering. Status: Pending. Publication: EP4277207A3 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US16/693,885 US11563771B2 (en) 2019-11-25 2019-11-25 Network telemetry collection with packet metadata filtering
EP20208474.5A EP3826261B1 (en) 2019-11-25 2020-11-18 Network telemetry collection with packet metadata filtering

Related Parent Applications (2)

Application Number Title Priority Date Filing Date
EP20208474.5A Division EP3826261B1 (en) 2019-11-25 2020-11-18 Network telemetry collection with packet metadata filtering
EP20208474.5A Division-Into EP3826261B1 (en) 2019-11-25 2020-11-18 Network telemetry collection with packet metadata filtering

Publications (2)

Publication Number Publication Date
EP4277207A2 (en) 2023-11-15
EP4277207A3 (en) 2024-02-21

Family

ID=73476052

Family Applications (2)

Application Number Title Priority Date Filing Date
EP20208474.5A Active EP3826261B1 (en) 2019-11-25 2020-11-18 Network telemetry collection with packet metadata filtering
EP23201071.0A Pending EP4277207A3 (en) 2019-11-25 2020-11-18 Network telemetry collection with packet metadata filtering

Family Applications Before (1)

Application Number Title Priority Date Filing Date
EP20208474.5A Active EP3826261B1 (en) 2019-11-25 2020-11-18 Network telemetry collection with packet metadata filtering

Country Status (2)

Country Link
US (2) US11563771B2 (en)
EP (2) EP3826261B1 (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10903985B2 (en) 2017-08-25 2021-01-26 Keysight Technologies Singapore (Sales) Pte. Ltd. Monitoring encrypted network traffic flows in a virtual environment using dynamic session key acquisition techniques
US10893030B2 (en) 2018-08-10 2021-01-12 Keysight Technologies, Inc. Methods, systems, and computer readable media for implementing bandwidth limitations on specific application traffic at a proxy element
US11190417B2 (en) * 2020-02-04 2021-11-30 Keysight Technologies, Inc. Methods, systems, and computer readable media for processing network flow metadata at a network packet broker
US11212219B1 (en) * 2020-06-26 2021-12-28 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. In-band telemetry packet size optimization
US11895193B2 (en) * 2020-07-20 2024-02-06 Juniper Networks, Inc. Data center resource monitoring with managed message load balancing with reordering consideration
US20220070223A1 (en) * 2020-08-31 2022-03-03 Palo Alto Networks, Inc. Security platform with external inline processing of assembled selected traffic
US12010141B1 (en) 2021-06-24 2024-06-11 Airgap Networks Inc. System gateway while accessing protected non-web resources connected to internet
US11936726B2 (en) * 2021-10-12 2024-03-19 Pensando Systems Inc. Methods and systems for implementing traffic mirroring for network telemetry
US11711279B2 (en) 2021-10-26 2023-07-25 Juniper Networks, Inc. Application records using session information
US20220116403A1 (en) * 2021-12-22 2022-04-14 Intel Corporation Telemetry restriction mechanism
CN114422213B (en) * 2021-12-31 2023-07-25 南京邮电大学 INT-based abnormal flow detection method and device
CN114666681B (en) * 2022-03-21 2024-05-10 厦门大学 Stateful in-band network telemetry method and system
CN115622814B (en) * 2022-12-19 2023-03-10 北京六方云信息技术有限公司 HTTP tunnel detection method, device and equipment based on depth self-encoder

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3382960A2 (en) * 2017-03-27 2018-10-03 Cisco Technology, Inc. Machine learning-based traffic classification using compressed network telemetry data
CN110113349A (en) * 2019-05-15 2019-08-09 北京工业大学 A kind of malice encryption traffic characteristics analysis method
US20190349403A1 (en) * 2018-05-11 2019-11-14 Cisco Technology, Inc. Detecting targeted data exfiltration in encrypted traffic

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8813220B2 (en) * 2008-08-20 2014-08-19 The Boeing Company Methods and systems for internet protocol (IP) packet header collection and storage
WO2015113036A1 (en) 2014-01-27 2015-07-30 Vencore Labs, Inc. System and method for network traffic profiling and visualization
US10645002B2 (en) * 2014-06-20 2020-05-05 Hewlett Packard Enterprise Development Lp System, apparatus and method for managing redundancy elimination in packet storage during observation of data movement
US9961105B2 (en) * 2014-12-31 2018-05-01 Symantec Corporation Systems and methods for monitoring virtual networks
US10237068B2 (en) 2015-04-27 2019-03-19 Cisco Technology, Inc. Network path proof of transit using in-band metadata
US10362373B2 (en) 2016-01-07 2019-07-23 Cisco Technology, Inc. Network telemetry with byte distribution and cryptographic protocol data elements
US11323862B2 (en) * 2016-05-06 2022-05-03 Convida Wireless, Llc Traffic steering at the service layer
FR3064356B1 (en) 2017-03-27 2019-06-07 Centre Technique Des Industries Mecaniques Et Du Decolletage MEASUREMENT OF MILLING EFFORTS
US10341748B2 (en) 2017-07-05 2019-07-02 Infinera Corporation Packet-optical in-band telemetry (POINT) framework
US11159386B2 (en) * 2019-03-14 2021-10-26 Cisco Technology, Inc. Enriched flow data for network analytics
US10887187B2 (en) * 2019-05-14 2021-01-05 At&T Mobility Ii Llc Integration of a device platform with a core network or a multi-access edge computing environment
US11146463B2 (en) * 2019-06-05 2021-10-12 Cisco Technology, Inc. Predicting network states for answering what-if scenario outcomes

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3382960A2 (en) * 2017-03-27 2018-10-03 Cisco Technology, Inc. Machine learning-based traffic classification using compressed network telemetry data
US20190349403A1 (en) * 2018-05-11 2019-11-14 Cisco Technology, Inc. Detecting targeted data exfiltration in encrypted traffic
CN110113349A (en) * 2019-05-15 2019-08-09 北京工业大学 A kind of malice encryption traffic characteristics analysis method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
SCHOINIANAKIS DIMITRIOS ET AL: "MDiET: Malware Detection in Encrypted Traffic", HCI 2014 - SAND, SEA AND SKY - HOLIDAY HCI, 10 September 2019 (2019-09-10), First Floor, Block D, North Star House, North Star Avenue Swindon SN2 1FA UK, pages 31 - 37, XP055792996, ISSN: 1477-9358, DOI: 10.14236/ewic/icscsr19.4 *
YAACOUBI OMAR: "The rise of encrypted malware", NETWORK SECURITY, vol. 2019, no. 5, 1 May 2019 (2019-05-01), pages 6 - 9, XP085695354, ISSN: 1353-4858, DOI: 10.1016/S1353-4858(19)30059-5 *

Also Published As

Publication number Publication date
EP3826261A1 (en) 2021-05-26
US20230239319A1 (en) 2023-07-27
EP4277207A2 (en) 2023-11-15
US11563771B2 (en) 2023-01-24
US20210160275A1 (en) 2021-05-27
EP3826261B1 (en) 2023-11-08
US11979430B2 (en) 2024-05-07

Similar Documents

Publication Publication Date Title
EP4277207A3 (en) Network telemetry collection with packet metadata filtering
DE602007010662D1 (en) IMPROVED HEADER COMPRESSION IN A WIRELESS COMMUNICATION NETWORK
WO2012177763A3 (en) Method and apparatus for video aware bandwidth aggregation and/or management
WO2008142455A3 (en) A method and system for the creation, management and authentication of links between entities
WO2006096557A3 (en) Restructuring data packets to improve voice quality at low bandwidth conditions in wireless networks
EP1764980B8 (en) Method and apparatus for packet segmentation and concatenation signaling in a communication system
WO2006127176A3 (en) Separating control and data in wireless networks
EP4040727A4 (en) Network data collection method, device and system
WO2016105472A3 (en) Redundant links for reliable communication
EP2194671A3 (en) Efficient key derivation for end-to-end network security with traffic visibility
WO2008112466A3 (en) Real-time sessions for wireless mesh networks
PH12019502798A1 (en) Data transmission method, terminal device, and network device
EP1345363A3 (en) Scalable packet filter for a network device
EP3855791A4 (en) Information reporting method, information receiving method, terminal, and network device
WO2005119991A3 (en) System and method for increasing the range or bandwidth of a wireless digital communication network
WO2011159780A3 (en) Method and apparatus pertaining to the assessment of mobile communications network infrastructure latency through high-speed channels
EP3177064A3 (en) Dynamic traffic shaping for communication networks in moving vehicles, such as trains
EP3625932A4 (en) Wireless communication access node (wcan) device based policy enforcement and statistics collection in anchorless communication systems
DE602004007413D1 (en) OPTIMIZING RESOURCE USE IN A PACKAGED NETWORK
DE112016006850T5 (en) Avoid discarding critical video data in a Modem Long Term Evolution stack
EP3913959A4 (en) Information reporting method, receiving method, terminal device, and network device
WO2013152229A2 (en) Systems and methods for selective data redundancy elimination for resource constrained hosts
EP4017101A4 (en) Status information reporting method, terminal and network device
EP3742778A4 (en) Resource reporting method, terminal device, and network device
WO2007133998A3 (en) Efficient modification of packet filters in a wireless communication network

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED

AC Divisional application: reference to earlier application

Ref document number: 3826261

Country of ref document: EP

Kind code of ref document: P

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

PUAL Search report despatched

Free format text: ORIGINAL CODE: 0009013

AK Designated contracting states

Kind code of ref document: A3

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 9/40 20220101AFI20240116BHEP